21 matches found
PT-2025-2428
Name of the Vulnerable Software and Affected Versions: IBM Control Center versions 6.2.1 through 6.3.1 Description: The issue is related to an observable discrepancy in responses to incoming requests, which could allow a remote attacker to enumerate usernames. This discrepancy may enable...
PT-2025-4853 · Unknown · Cosmos-Server
Name of the Vulnerable Software and Affected Versions: Cosmos-Server versions prior to 0.17.7 Description: The Cosmos-Server software has a user enumeration issue due to the error code returned during login, allowing an attacker to determine if a user exists in the database by monitoring the erro...
PT-2024-16760 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment versions prior to the latest release Description: A critical issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to SQL injection. The attack may be initiate...
PT-2024-7392
Name of the Vulnerable Software and Affected Versions: Webmin Usermin version 2.100 Description: A discrepancy in error messages for invalid login attempts in Webmin Usermin allows attackers to enumerate valid user accounts. This issue is related to shortcomings in the error reporting mechanism,...
PT-2024-37516 · WordPress · Wps Hide Login
Name of the Vulnerable Software and Affected Versions: WPS Hide Login WordPress plugin versions prior to 1.9.16.4 Description: The issue allows an unauthenticated visitor to access the hidden login page due to the plugin not preventing redirects to the login page via the auth redirect WordPress...
PT-2024-31058 · Cemipark · Cemipark
Name of the Vulnerable Software and Affected Versions: CemiPark software versions 4.5, 4.7, 5.03 Description: The access control in CemiPark software does not properly validate user-entered data, allowing for authentication bypass. An attacker with network access to the login panel can log in wit...
PT-2024-2528 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03 Description: The issue is related to an open redirect vulnerability on the login page of JetBrains TeamCity. This could allow a remote attacker to redirect a user to an arbitrary URL...
PT-2024-12880 · Unknown · Openclinic Ga
Name of the Vulnerable Software and Affected Versions: OpenClinic GA version 5.247.01 Description: A Reflected Cross-Site Scripting XSS issue has been discovered. The message parameter in the login.jsp is vulnerable. Recommendations: For OpenClinic GA version 5.247.01, avoid using the message...
PT-2024-19013
Name of the Vulnerable Software and Affected Versions vantage6 versions prior to 4.2.0 Description The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response...
PT-2023-24784 · Kyocera · Kyocera Taskalfa 4053Ci
Name of the Vulnerable Software and Affected Versions: Kyocera TASKalfa 4053ci printers through 2VG S000.002.561 Description: The issue allows identification of valid user accounts via username enumeration. This occurs because the system returns a "nicht einloggen" error rather than a "falsch"...
PT-2023-29764 · Wipotec Gmbh · Comscale
Name of the Vulnerable Software and Affected Versions: WIPOTEC GmbH ComScale versions 4.3.29.21344 through 4.4.12.723 Description: An issue in WIPOTEC GmbH ComScale allows unauthenticated attackers to login as any user without a password. Recommendations: For versions 4.3.29.21344 and 4.4.12.723,...
PT-2023-28721 · Macrob7 · Macrob7 Macs Framework Content Management System
Name of the Vulnerable Software and Affected Versions: Macrob7 Macs Framework Content Management System CMS version 1.1.4f Description: The issue is related to a PHP type confusion vulnerability due to loose comparison in the isValidLogin function during a login attempt. This vulnerability can le...
PT-2023-6846 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the lack of path filtering on the GLPI URL, which may allow an attacker to transmit a malicious URL of the login page to attempt a phishing attack on user credentials. This c...
PT-2023-5182 · Unknown · Qms Automotive
Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39 Description: A vulnerability has been identified in QMS Automotive that allows an attacker to enumerate usernames and identify valid usernames due to the application returning inconsistent error message...
PT-2023-27133 · Sourcecodester · Sourcecodester Online Jewelry Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Jewelry Store version 1.0 Description: A critical issue has been found in the login.php file, where the manipulation of the username and password arguments leads to sql injection. The attack can be initiated remotely...
PT-2023-25741 · Sourcecodester · Sourcecodester Insurance Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Life Insurance Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Life Insurance Management System. This issue affects the file login.php and is caused by the manipulation of the...
PT-2023-23754 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS versions up to 6.62 Description: A critical issue was discovered, affecting unknown code. The manipulation of the username and password arguments with the input admin leads to the use of a hard-coded password. Recommendations: For OTCMS...
PT-2023-20684 · Unknown · Lorawan-Stack
Name of the Vulnerable Software and Affected Versions: lorawan-stack versions prior to 3.24.1 Description: The issue is related to an open redirect on the login page of the lorawan-stack server, allowing an attacker to supply a user-controlled redirect upon sign in. This may enable malicious acto...
PT-2023-16525 · Sourcecodester · Sourcecodester Best Online News Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0 Description: A critical issue has been found in the Login Page component, where the manipulation of the username argument leads to SQL injection. This can be exploited remotely...
PT-2022-11456
Name of the Vulnerable Software and Affected Versions Sourcecodester Banking System version 1 Description The issue allows attackers to execute arbitrary SQL commands via the username or password field, potentially leading to unauthorized access or data manipulation. Recommendations For...